Cryptolaemus cybersecurity experts: The malware distribution process is the same used to distribute BazarLoader.
Trend Micro: Cybercrime is exploiting iframes in a new tech support scam (TSS) campaign, that use Microsoft as a lure
Cybercrime is exploiting iframes in a new tech support scam (TSS) campaign. It’s used in combination with basic pop-up authentication to freeze a user’s browser. It has been discovered by Trend Micro cyber security experts. Like many TSS campaigns, it disguises itself as a legitimate or well-known brand’s service provider to lure its victims, this time Microsoft. The cyber criminals lock users’ web browsers and display fake alert pop-ups, two in this case: one that asks for user authentication and another that simply urges to ask for technical support. By then the user has unknowingly entered a loop. Clicking on the Cancel button of the authentication pop-up will only lead back to the URL. The close and OK buttons does not work or do anything, and are only likely there to make it look legitimate. The aim is obviously to steal credential and personal sensitive information.
The cyber security experts: the URLs related to the iframe TSS campaign have been already visited at most 575 times in a day. Stopping the scam it’s easy. Users have just to close the browser using Task Manager
According by Trend Micro, the URLs related to the iframe TSS campaign have been already visited at most 575 times in a day. These recorded clicks were from several different URLs, as the other evasion technique this campaign employed involves changing its host IP address approximately 12 times a day. The cyber security experts, however, remind that blocking this cybercrime scam it’s very easy. Users have just to close the browser using Task Manager. Furthermore, they can recognise that the tech support pages are fake, looking for suspicious characteristics of a webpage, such as unfamiliar URLs, pop-ups asking for authentication, or any sort of information and messages that raise panic and alarm.